[Snort-users] MySQL support for Snort 2.9.4

waldo kitty wkitty42 at ...14940...
Wed Dec 12 09:17:07 EST 2012


On 12/11/2012 17:02, Kaya Saman wrote:
> On 12/11/2012 09:54 PM, Joel Esler wrote:
>> On Dec 11, 2012, at 4:47 PM, Kaya Saman <kayasaman at ...11827...
>>> Unknown MSG (145:3)
>>> Unknown MSG (145:4)
>>> Unknown MSG (145:5)
>>> Unknown MSG (145:6)
>>> Unknown MSG (2:1)
>>
>> That looks like your sig-msg.map is incorrect or something. Not sure where you
>> are getting that output from.
>
> This output was from the: sid_changes.log file created by Pulled Pork.

so a pulledpork thing... not snort... that's different since they are maintained 
by different entities ;)

>> Doesn't sound like that was the problem. Looks like you have a larger problem.
>> Traffic not being received or analyzed correctly. You said that all you were
>> getting was icmp alerts, and that doesn't sound right (unless that's all you have)
>
> I think you misunderstood, basically I got a whole bunch of p2p ping errors in
> the older version. A few tcp messages but that was really only due to the fact
> that snort wasn't active long enough as it kept segfaulting with "bus error" as
> the output straight after being run. Had it been run for longer and not died
> instantaneously I'm sure it would have picked up quite a bit more traffic!!
>
> Even running: tcpdump -ttt -eni trunk0 displays a log of output when run for
> only a second or two.

what is your snort command line?
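The "Unknown MSG (gid:sid)" lines above are what you get when an event's gid:sid pair has no entry in the map files Snort (or Pulled Pork) uses to look up the alert text. The following Python script is an added example, not code from this thread, from Snort or from Pulled Pork. It assumes the Snort 2.9.x map layouts: sid-msg.map v1 lines are `sid || msg || ref...`, v2 lines (file starts with `#v2`) are `gid || sid || rev || classtype || priority || msg || ref...`, and gen-msg.map lines are `gid || sid || msg`. The map contents and the gid:sid list embedded below are constructed for the demo; point `parse_sid_msg_map` and `parse_gen_msg_map` at your real files to check which pairs are actually missing.

```python
"""Cross-check gid:sid pairs against Snort sid-msg.map / gen-msg.map entries.

Added example (not from the mailing-list thread, Snort, or Pulled Pork).
Map formats assumed: sid-msg.map v1 "sid || msg || ref...", v2 (after a
"#v2" header) "gid || sid || rev || classtype || priority || msg || ref...",
gen-msg.map "gid || sid || msg". Sample data below is constructed.
"""
import re
from typing import Dict, Iterable, List, Tuple

Key = Tuple[int, int]  # (gid, sid)

# Constructed sid-msg.map excerpt in the v2 layout (not real rule data).
SAMPLE_SID_MSG_MAP = """#v2
1 || 1000001 || 1 || attempted-recon || 2 || "CONSTRUCTED rule one" || url,example.test/one
1 || 1000002 || 1 || misc-activity || 3 || "CONSTRUCTED rule two"
"""

# Constructed gen-msg.map excerpt for preprocessor / generator events.
SAMPLE_GEN_MSG_MAP = """# constructed gen-msg.map excerpt
2 || 1 || CONSTRUCTED generator event
145 || 1 || CONSTRUCTED preprocessor event 1
145 || 2 || CONSTRUCTED preprocessor event 2
"""


def _fields(line: str) -> List[str]:
    """Split a map line on the '||' separator and trim each field."""
    return [f.strip() for f in line.split("||")]


def _data_lines(text: str) -> Iterable[str]:
    """Yield non-empty, non-comment lines of a map file."""
    for raw in text.splitlines():
        line = raw.strip()
        if line and not line.startswith("#"):
            yield line


def parse_sid_msg_map(text: str) -> Dict[Key, str]:
    """Parse a sid-msg.map in either the v1 or the v2 layout into {(gid, sid): msg}."""
    entries: Dict[Key, str] = {}
    v2 = text.lstrip().startswith("#v2")
    for line in _data_lines(text):
        f = _fields(line)
        try:
            if v2:
                if len(f) < 6:
                    continue  # malformed line: skip rather than guess
                gid, sid, msg = int(f[0]), int(f[1]), f[5]
            else:
                if len(f) < 2:
                    continue
                gid, sid, msg = 1, int(f[0]), f[1]  # v1 entries are all gid 1
        except ValueError:
            continue  # non-numeric gid/sid: skip the line
        entries[(gid, sid)] = msg.strip('"')
    return entries


def parse_gen_msg_map(text: str) -> Dict[Key, str]:
    """Parse a gen-msg.map ("gid || sid || msg") into {(gid, sid): msg}."""
    entries: Dict[Key, str] = {}
    for line in _data_lines(text):
        f = _fields(line)
        if len(f) < 3:
            continue
        try:
            entries[(int(f[0]), int(f[1]))] = f[2]
        except ValueError:
            continue
    return entries


def parse_pair(token: str) -> Key:
    """Accept 'gid:sid' or the 'Unknown MSG (gid:sid)' form seen in the thread."""
    m = re.search(r"(\d+):(\d+)", token)
    if not m:
        raise ValueError(f"no gid:sid found in {token!r}")
    return int(m.group(1)), int(m.group(2))


def find_unknown(tokens: Iterable[str], *maps: Dict[Key, str]) -> List[str]:
    """Return 'Unknown MSG (gid:sid)' for every pair absent from all given maps."""
    known: Dict[Key, str] = {}
    for m in maps:
        known.update(m)
    missing: List[str] = []
    for t in tokens:
        gid, sid = parse_pair(t)
        if (gid, sid) not in known:
            missing.append(f"Unknown MSG ({gid}:{sid})")
    return missing


if __name__ == "__main__":
    maps = (parse_sid_msg_map(SAMPLE_SID_MSG_MAP), parse_gen_msg_map(SAMPLE_GEN_MSG_MAP))
    # Constructed list of pairs to check; 145:3 has no entry in the sample maps.
    for line in find_unknown(["145:3", "Unknown MSG (2:1)", "1:1000001"], *maps):
        print(line)
```

Running it prints only `Unknown MSG (145:3)`, because 2:1 and 1:1000001 are present in the constructed maps. Preprocessor gids such as 145 are normally resolved through gen-msg.map rather than sid-msg.map, so when the check reports a missing pair it is worth confirming which of the two files Pulled Pork was told to write and whether the copy Snort reads is the same one.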
